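Title

Enhancing Mobile Commerce App Security with an Agile Development Model Combined with Continuous Integration (結合持續整合之敏捷開發模式提升行動商務App安全性)

Parallel Title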

Combining Continuous Integration into Agile Development Model for Enhancing Mobile Commerce Applications Security

Authors

賴森堂;崔詠捷

Keywords

Continuous integration ; agile process ; M-commerce App ; security risks ; integration test

Journal

電腦稽核

Issue / Publication Date

Issue 33 (2016/01/30)

Pages

87 - 101

Language

Traditional Chinese

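Abstract (translated from Chinese)

Mobile commerce continues to grow rapidly, and mobile commerce applications (Apps) are an important tool for improving its efficiency and benefits. However, the harm and losses caused by App security vulnerabilities and defects are hard to estimate and may affect the security of individuals, organizations and society, so how to improve the security of mobile commerce Apps has become a topic worth exploring. In the software process, an agile development model combined with Continuous Integration (CI) can identify and correct software development defects in a timely manner and effectively reduce the risk of software project failure. To this end, this paper examines in depth the operating environment and advantages of CI, analyzes the security risks in developing and maintaining highly volatile mobile commerce Apps, and plans the use of an agile development model combined with CI to remedy the security problems of mobile commerce Apps. It then proposes an M-Commerce Application Continuous Integration Procedure (MCACIP) that incorporates automated integration testing, deploys a usable App at any time, identifies security vulnerabilities and defects in a timely manner, strengthens App security, and effectively reduces the security risks of mobile commerce Apps.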

English Abstract

The growth rate of mobile commerce is expanding rapidly. M-commerce Apps (applications) are the major tool for increasing the efficiency and revenue of mobile commerce. However, App security vulnerabilities and defects may cause inestimable damage and losses, and the security of personal data, organizations and society could be impacted. How to increase the security of M-commerce Apps is a topic worth discussing. In software development, combining CI (Continuous Integration) into the agile process can identify software errors and defects in a timely manner, efficiently reducing software project development risks. To this end, this paper surveys the advantages of CI technology and analyzes the development and maintenance security of M-commerce Apps. Combining CI into the agile process addresses the security issues of M-commerce Apps, and the paper proposes the M-Commerce App Continuous Integration Procedure (MCACIP). The MCACIP applies automated integration testing, quick deployment of a workable App, and timely identification of security vulnerabilities and defects to efficiently reduce App operation security risks.

Subject classification: Basic and Applied Sciences > Information Science